If your organization uses online voicemail services, you’ve probably used links in notification emails to check your new messages. Lately, scammers are creating look-alike notification messages that trick you into giving up your login credentials.
The fake voicemail notifications take you through a series of steps. They’ll first prompt you to click a link to listen to your “new message”. Then, you’re directed to a web page containing another link to click on so you can finally listen to your “new message”.
If you click this link, you’re brought to a realistic-looking Microsoft sign-in page where you’re prompted for your email and password. If you enter your login details here, the bad guys will have full access to your account, where they can steal sensitive data or perform further attacks on your organization.
Remember the following to stay safe:
- Before clicking, always hover over links to see where they’re taking you.
- If you’re already logged into your email account, you shouldn’t be prompted to log in again. When asked to log in to an online service you’re using, type the web address into your browser yourself, rather than using unexpected links.
- Get familiar with the format of your voicemail notification emails. If you’re ever in doubt, contact the proper department in your organization before you click on any links or download attachments.
Stop, Look, and Think. Don’t be fooled.